Total: 1535 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-27655 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-16 | 9.8 Critical |
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: CPA v1 V-2023-009. | ||||
CVE-2021-27312 | 1 Gleezcms | 1 Gleez Cms | 2025-04-16 | 9.4 Critical |
Server Side Request Forgery (SSRF) vulnerability in Gleez Cms 1.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via modules/gleez/classes/request.php. | ||||
CVE-2024-38109 | 1 Microsoft | 1 Azure Health Bot | 2025-04-15 | 9.1 Critical |
An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. | ||||
CVE-2024-38206 | 1 Microsoft | 1 Copilot Studio | 2025-04-15 | 8.5 High |
An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network. | ||||
CVE-2025-27652 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-15 | 9.8 Critical |
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: rfIDEAS V-2023-015. | ||||
CVE-2025-27651 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-15 | 9.8 Critical |
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: Elatec V-2023-014. | ||||
CVE-2025-0539 | | | 2025-04-15 | N/A |
In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself. | ||||
CVE-2025-26990 | | | 2025-04-15 | 4.4 Medium |
Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Elementor Addons allows Server Side Request Forgery. This issue affects Royal Elementor Addons: from n/a through 1.7.1006. | ||||
CVE-2025-31490 | | | 2025-04-15 | 7.5 High |
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows SSRF due to DNS Rebinding in requests wrapper. AutoGPT is built with a wrapper around Python's requests library, hardening the application against SSRF. The code for this wrapper can be found in autogpt_platform/backend/backend/util/request.py. The requested hostname of a URL which is being requested is validated, ensuring that it does not resolve to any local ipv4 or ipv6 addresses. However, this check is not sufficient, as a DNS server may initially respond with a non-blocked address, with a TTL of 0. This means that the initial resolution would appear as a non-blocked address. In this case, validate_url() will return the url as successful. After validate_url() has successfully returned the url, the url is then passed to the real request() function. When the real request() function is called with the validated url, request() will once again resolve the address of the hostname, because the record will not have been cached (due to TTL 0). This resolution may be in the "invalid range". This type of attack is called a "DNS Rebinding Attack". This vulnerability is fixed in 0.6.1. | ||||
CVE-2025-29720 | | | 2025-04-15 | 4.8 Medium |
Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. | ||||
CVE-2025-30964 | | | 2025-04-15 | 5.4 Medium |
Server-Side Request Forgery (SSRF) vulnerability in EPC Photography. This issue affects Photography: from n/a through 7.5.2. | ||||
CVE-2025-3572 | | | 2025-04-15 | 7.5 High |
SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server. | ||||
CVE-2022-3189 | 1 Dataprobe | 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more | 2025-04-15 | 5.3 Medium |
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from an HTTP request to create a URL capable of changing the host parameter. The changed host parameter in the HTTP request could point to another host, which will then send a request to the host or IP specified in the changed host parameter. | ||||
CVE-2025-32358 | 1 Zammad | 1 Zammad | 2025-04-15 | 4 Medium |
In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint returned a redirect response, Zammad would follow it automatically with another GET request. This could be abused by an attacker to cause GET requests for example in the local network. | ||||
CVE-2024-2049 | 1 Citrix | 2 Citrix Sd Wan Premium Edition, Citrix Sd Wan Standard Edition | 2025-04-15 | 6.5 Medium |
Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP. | ||||
CVE-2025-31824 | | | 2025-04-15 | 5.4 Medium |
Server-Side Request Forgery (SSRF) vulnerability in Wombat Plugins WP Optin Wheel allows Server Side Request Forgery. This issue affects WP Optin Wheel: from n/a through 1.4.7. | ||||
CVE-2017-20106 | 1 Khoros | 1 Lithium Forum | 2025-04-15 | 5.3 Medium |
A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument upload_url leads to server-side request forgery. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
CVE-2023-41763 | 1 Microsoft | 1 Skype For Business Server | 2025-04-14 | 5.3 Medium |
Skype for Business Elevation of Privilege Vulnerability | ||||
CVE-2022-4130 | 1 Redhat | 3 Satellite, Satellite Capsule, Satellite Utils | 2025-04-14 | 4.5 Medium |
A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server. | ||||
CVE-2022-4096 | 1 Appsmith | 1 Appsmith | 2025-04-14 | 6.5 Medium |
Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2. |